Risk | High |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2023-25136 CVE-2023-28531 CVE-2023-38408 |
CWE-ID | CWE-415 CWE-255 CWE-426 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | Gentoo Linux (Operating systems & Components / Operating system) |
Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU71771
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-25136
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to potentially execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the sshd(8) daemon. A remote non-authenticated attacker can send specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
The vendor believes exploitation of this vulnerability has limitations, as the double free occurs "in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms". Nevertheless, we assign a high risk to this vulnerability.
Update the affected packages.
net-misc/openssh to version:
Gentoo Linux: All versions
External links
http://security.gentoo.org/glsa/202307-01
EUVDB-ID: #VU73775
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-28531
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to a logic error in ssh-add when adding smartcard keys to ssh-agent with per-hop destination constraints. As a result, the keys are added without constraints.
Update the affected packages.
net-misc/openssh to version:
Gentoo Linux: All versions
External links
http://security.gentoo.org/glsa/202307-01
EUVDB-ID: #VU78454
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-38408
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to usage of an insecure search path within the PKCS#11 feature in ssh-agent. A remote attacker can trick the victim into connecting to a malicious SSH server and execute arbitrary code on the system, if an agent is forwarded to an attacker-controlled system.
Note: this vulnerability exists due to an incomplete fix for #VU2015 (CVE-2016-10009).
Update the affected packages.
net-misc/openssh to version:
Gentoo Linux: All versions
External links
http://security.gentoo.org/glsa/202307-01